FEATURED  |  
4.9.21

API Security Challenges: How to Manage APIs Amidst Continuous Change

We're living in a world of continuous change, which makes it hard to manage APIs. Read this guide to API security challenges and how to fix them.

API Security
FEATURED  |  
3.31.21

Top 5 Ways To Protect Against Data Exposure

Attackers are listening to your API chatter, finding vulnerabilities that reveal valuable (and personal) data. Here’s what developers should consider to protect against excessive data exposure.

app security
FEATURED  |  
4.2.21

The Consequences of Poor Authentication and Authorization Practices in APIs

Everything You Need to Know About Authentication and Authorization in Web APIs - Part 2

API Security
FEATURED  |  
3.26.21

Everything You Need to Know About Authentication and Authorization in Web APIs - Part 1

Part 1: Technologies used to create web applications have fundamentally changed. Authentication and authorization techniques must change with them.

API Security
FEATURED  |  
3.24.21

Web Application Security Is Not API Security

Traditional web security was relatively easy: defend the web application like it was the Queen’s castle. With the rise of microservices, however, application security must be smarter.

API Security
FEATURED  |  
3.19.21

4 Steps To Secure Requests Between Microservices

As microservices grow in popularity, they present attackers with more opportunities for API attacks. These new security approaches can help.

cloud-native
FEATURED  |  
3.17.21

Does SAST Deliver? The Challenges of Code Scanning

Code scanning performed by Static Application Security Testing tools helps developers find vulnerabilities even as they write code, but at a cost.

technology
FEATURED  |  
3.12.21

Use the OWASP API Top 10 To Secure Your APIs

Think of the OWASP API Top 10 as a checklist of vulnerabilities that bad actors can use to breach your system. Here’s how to be confident in your application security.

API Security
FEATURED  |  
3.11.21

Traceable Defense AI M8 Released

Easier deployment process, extended agent support, extended API Intelligence, easier to find problems, protection additions, improved UX around threat hunting, ability to isolate per environment

Releases
FEATURED  |  
3.2.21

6 New Requirements for Securing Microservices vs. Monolithic Apps

The shift to microservices requires new ways to anticipate, plan, and protect web applications.

cloud-native
FEATURED  |  
2.26.21

What is the OWASP Top 10?

OWASP has been the face of web application security for almost 20 years. One of the most widely known contributions to the industry is the OWASP Top 10 List.

Foundations
FEATURED  |  
2.23.21

What is Web Application Security?

Web Application Security is security for web apps, right? As with many technical topics, there are plenty of rabbit holes to dive into when discussing web application security, but let’s focus on the critical questions many have about it.

Foundations
FEATURED  |  
2.19.21

The Shopify Breach: Why Authz Exploits Slip by Most Security Defenses

Lacking the power of AI and machine learning, common security technologies miss API attacks by not seeing the broader business context. Here’s what happened at Shopify.

breach analysis
FEATURED  |  
2.17.21

Application Security in the Public Cloud Requires Shared Responsibility

The shared responsibility model describes how security is shared by both the cloud provider and user. Here’s how modern application and API security requirements change the equation.

cloud-native
FEATURED  |  
2.12.21

Why Was Facebook Vulnerable to an Authentication Exploit?

Even the largest companies in the world are susceptible to API vulnerabilities. How modern security defenses fail — and how to fix them.

breach analysis
FEATURED  |  
2.10.21

Why CISOs are Investing in Traceable AI

A Discussion with Lemonade CISO Jonathan Jaffe

company
FEATURED  |  
2.10.21

Does Dynamic Application Security Testing (DAST) Deliver?

DAST tools provide pentesters with a hacker’s-eye-view of system vulnerabilities. What are the advantages and disadvantages of this important security tool?

app security
FEATURED  |  
2.4.21

The Uber API Authorization Vulnerability

Most security defenses would have missed the Uber API authorization vulnerability. Here’s why.

breach analysis
FEATURED  |  
3.11.21

Traceable Defense AI M6 and M7 Released

M6 and M7 bring GraphQL and gRPC, new agent support, OpenTelemetry compatibility, business risk visibility and API risk scoring, many new and configurable blocking rules, lots of new discovered data on your API endpoints, and improved enterprise readiness.

Releases
FEATURED  |  
1.30.21

SecOps: Go Beyond Application Security Testing With Runtime Protection

SecOps keeps production environments safe. Now, “shifting left” approaches are needed to secure production applications and APIs.

app security
FEATURED  |  
1.25.21

What Runtime Application Self-Protection (RASP) Doesn’t Solve

RASPs complement perimeter defense systems, but they also have weaknesses that can introduce their own vulnerabilities.

technology
FEATURED  |  
1.16.21

Protecting Against the Hidden Threats of New Technologies

New tech transforms dev - but with risk

app security
FEATURED  |  
1.12.21

The Evolution to Cloud-Native Applications and APIs

Moving from local monoliths to cloud-based microservices

app security
FEATURED  |  
12.23.20

Modern Application Security and Supply Chain Attacks - 3 challenges

API Security and the SolarWinds Breach: a wake-up call

app security
FEATURED  |  
12.17.20

Security Observability: Why Tracing?

What if we could reduce the time to detect a cyber attack all the way down to zero?

Observability
FEATURED  |  
12.10.20

5 Reasons Why App Sec and Eng Teams Must Work Together

The popularity of cloud-based computing has made API security the next big challenge...

app security
FEATURED  |  
11.25.20

Secure Kubernetes Architecture: 6 Factors Essential to Success

Six factors to get right when planning Kubernetes architecture.

app security
FEATURED  |  
11.18.20

Financial Services Risk Management: Why Application Security

Cybersecurity is a key part of enterprise risk management in financial services

app security
FEATURED  |  
11.2.20

Why Web App Firewalls Aren’t Protecting Your Cloud-Native Apps

How do you know your apps are protected?

app security
FEATURED  |  
9.11.20

3 Threat Vectors Addressed by Zero Trust App Sec

Common internal and external threats and the Zero Trust practices to address them.

app security
FEATURED  |  
7.28.20

Modern Application Security - Good and Bad News part 2

Part II: API Security in Modern Applications

app security
FEATURED  |  
7.21.20

What to Look for in an Enterprise Security Tool

A Practitioner's View

app security
FEATURED  |  
7.16.20

Modern Application Security - Good and Bad News

Part I: What are Modern Applications

app security
FEATURED  |  
7.15.20

TraceAI: Machine Learning Driven Application and API Security

An introduction to anomaly detection in the context of distributed tracing.

technology
FEATURED  |  
7.14.20

Introducing Traceable

Application Security for APIs and Cloud-Native Apps.

company